@Avaq

Avaq/config.nix Secret

Last active April 8, 2020 21:50
WireGuard troubleshooting
{
  networking = {
    # NAT for tunnel clients leaving through the Wi-Fi uplink.
    nat.enable = true;
    nat.externalInterface = "wlp2s0";
    nat.internalInterfaces = [ "wg0" ];

    firewall.enable = true;
    # This opens 51820 for TCP only. WireGuard's transport is UDP, so this
    # rule does not admit traffic to listenPort below; the UDP counterpart
    # of this option is firewall.allowedUDPPorts.
    firewall.allowedTCPPorts = [ 51820 ];

    wg-quick.interfaces.wg0 = {
      # Path given as a string, so the key file is not copied into the
      # world-readable Nix store.
      privateKeyFile = "/etc/nixos/secrets/wireguard-private-key";
      address = [ "10.100.0.1/24" ];
      dns = [ "10.133.7.1" ];
      listenPort = 51820;
      # %i expands to the interface name (wg0).
      postUp = "iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE";
      postDown = "iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlp2s0 -j MASQUERADE";
      peers = [
        { publicKey = "fe0W8ZNOdJOtj1Hy+wFXwSPH6v4oyMmmm8D9VUgiaHQ="; allowedIPs = [ "10.100.0.2/32" ]; }
        { publicKey = "ImgQ0n4FIqNcV9+LH3vQr5kdK+IEYz4M5xXRQJaf1Bc="; allowedIPs = [ "10.100.0.3/32" ]; }
      ];
    };
  };
}

interface: wg0
  public key: JI/CZEPds9AnrcQrF9spjTJ4oHMG5i786jcGcgi6tF8=
  private key: (hidden)
  listening port: 51820

peer: fe0W8ZNOdJOtj1Hy+wFXwSPH6v4oyMmmm8D9VUgiaHQ=
  allowed ips: 10.100.0.2/32

peer: ImgQ0n4FIqNcV9+LH3vQr5kdK+IEYz4M5xXRQJaf1Bc=
  allowed ips: 10.100.0.3/32